Setup Instructions for New Team Members
Accounts, Group Memberships, Certificates, Etc.
Computing account at FNAL*
Computing account at CERN*
CERN user certificate* installed on your web browser
CMS VO Registration*
-
- go to the CMS VOMRS server
, and follow the instructions
- Select all the necessary roles for your functions (Ask Jen Adelman-McCarthy or David Mason)
CMS hypernews account* and subscribe to the hn-cms-comp-ops mailing list
Elog account*
TWiki registration*
Github account*
-
- Go to https://github.com/
and create a new GH account if not already created and share it with your supervisor to be a contributor to the project.
Getting access to cmst1 account*
-
- Send an email to Sharad and Alan providing your CERN AFS/Nice username with CC to cms-comp-ops-workflow-team@cern.ch. Since you need to:
- be added to the AFS cmst1:users
- be added to the cms-comp-ops-workflow-team egroup
- be added to the cmst1.pp puppet manifest
Subscribe to E-groups*
-
- to do this, go to https://e-groups.cern.ch/
and log in with your CERN username and password
- search for and subscribe to these e-groups:
- cms-comp-ops
- cms-comp-ops-workflow-team
Become a member of the zh:lcg_writers afs group (for site support team members)
-
- Search and apply for this e-group: cms-afs-lcg-writers, it synchronized to the afs group once per day
- You need to be a member of this afs group in order to have permission to edit files which you will need work on them
- You can check members of this group by using this command: pts membership zh:lcg_writers
- Note, when you get the membership, do not forget to renew your afs token by using this command: kinit
Become a member of the cmsdataops account at FNAL
-
- to do this, contact Jen Adelman-McCarthy requesting to be added to the cmsdataops account at fnal
Make sure you appear in SiteDB
GGUS account*
-
- Go to https://ggus.eu
- Load your certificate information.
- Use Registration link on the left side panel and select Support access (So you can update tickets).
Proxy-ssh and SSH tunnels* to several machines at FNAL and CERN
-
- In order to access the WMAgent instances and for some monitoring plots to show up, you will need to create ssh tunnels to several machines.
- Follow the instructions HERE
- If you would monitoring the agent machines, you should also be enroled in the cmst1 group. Ask who owns the cmst1 password to add you.
Proxy certificate*: installing your cert in remote machines and getting a proxy
-
- A proxy certificate is needed for any operation that uses ssl (authentication X509). These operations are: move files within the grid, to assign jobs, and to access to cmsweb.
- This needs to be re-done once your proxy expires (usually 1 or 2 days)
- export your myCert.p12 from your browser to your home area [do cd ~ in shell to find out where is it]
- once a year you will need to renew your proxy.
-
- now you need to change permissions on the files:
chmod 400 userkey.pem # owner read only
chmod 600 usercert.pem # owner R&W
-
- you are now ready to get your proxy:
- lxplus (new SL6 machines)
voms-proxy-init -voms cms
- lxplus5 (old SL5 machines):
source /afs/cern.ch/cms/LCG/LCG-2/UI/cms_ui_env.sh voms-proxy-init -voms cms
- cmspc:
source /uscmst1/prod/grid/gLite_SL5.sh voms-proxy-init -voms cms
- Access to the T&I Services: ACDC Console
- ACDC Console is behind CERN firewall, so one needs to tunnel into CERN network to access. Please follow the following instructions to do so: